CompTIA PenTest+ Certification Exam v1.0 (PT0-001)

Page:    1 / 5   
Total 66 questions

Which of the following excerpts would come from a corporate policy?

  • A. Employee passwords must contain a minimum of eight characters, with one being alphanumeric.
  • B. The help desk can be reached at 800-passwd1 to perform password resets.
  • C. Employees must use strong passwords for accessing corporate assets.
  • D. The corporate systems must store passwords using the MD5 hashing algorithm.


Answer : D

In which of the following scenarios would a tester perform a Kerberoasting attack?

  • A. The tester has compromised a Windows device and dumps the LSA secrets.
  • B. The tester needs to retrieve the SAM database and crack the password hashes.
  • C. The tester has compromised a limited-privilege user and needs to target other accounts for lateral movement.
  • D. The tester has compromised an account and needs to dump hashes and plaintext passwords from the system.


Answer : C

While trying to maintain persistence on a Windows system with limited privileges, which of the following registry keys should the tester use?

  • A. HKEY_CLASSES_ROOT
  • B. HKEY_LOCAL_MACHINE
  • C. HKEY_CURRENT_USER
  • D. HKEY_CURRENT_CONFIG


Answer : C

Reference:
https://www.redcanary.com/blog/windows-registry-attacks-threat-detection/

A penetration tester has a full shell to a domain controller and wants to discover any user account that has not authenticated to the domain in 21 days. Which of the following commands would BEST accomplish this?

  • A. dsrm -users “DN=company.com; OU=hq CN=usersâ€
  • B. dsuser -name -account -limit 3
  • C. dsquery user -inactive 3
  • D. dsquery -o -rdn -limit 21


Answer : D

Which of the following properties of the penetration testing engagement agreement will have the LARGEST impact on observing and testing production systems at their highest loads?

  • A. Creating a scope of the critical production systems
  • B. Setting a schedule of testing access times
  • C. Establishing a white-box testing engagement
  • D. Having management sign off on intrusive testing


Answer : B

HOTSPOT -
Instructions:
Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.
You are a security analyst tasked with hardening a web server.
You have been given a list of HTTP payloads that were flagged as malicious.
Hot Area:




Answer :

Page:    1 / 5   
Total 66 questions